Hi,
I'm trying to get iproute2 to route outgoing packets marked using
iptables to an alternate route.
I have ver 1.2.13 of devil-linux and I'm using the following commands
to try to route.
In /etc/iproute2/rt_tables I have appended the following entry:
200 alt.net
I have then executed the following commands:
ip rule add fwmark 1 table alt.net
ip route add default via 172.16.1.1 dev eth2 table alt.net
ip route flush cache
My normal routing has eth0 as the default route so the above should
override the routing for rules that mark packets with a 1.
I'm using firewall builder to manage iptables and have used their
marking action to mark the packets.
I have rules that I'm using to test this to NAT outgoing traffic to
tcp port 119 with policy rules to 1st mark packets destined through
this route, then another rule to accept it.
It doesn't seem to matter which things I change, the data always
seems to go out through the default route and the alt.net route.
(I'm using tcpdump to confirm this.)
The lartc docs list the following kernel options as required for routing
marked packets in iproute2:
IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
IP: policy routing (CONFIG_IP_MULTIPLE_TABLES) [Y/n/?]
IP: use netfilter MARK value as routing key (CONFIG_IP_ROUTE_FWMARK) [Y/n/?]
all of which are correctly set according to DL-kernel-config file
included in the devil-linux download, so the correct compile options
look to be set.
Does anyone have any suggestions on what I may be doing wrong or
further things I could check?
Thanks,
Andrew
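An added example, not part of Andrew's post: a small sh script that applies the fwmark policy route described above (table 200 "alt.net", mark 1, gateway 172.16.1.1 on eth2, tcp/119) and, separately, verifies it by parsing the output of `ip rule show` and `ip route show table`. It assumes a current iproute2 that accepts `ip route get ... mark`, and 203.0.113.5 is an assumed probe destination. One caveat it encodes that the post does not mention: locally generated packets never pass through PREROUTING, so the MARK rule must live in the mangle table's OUTPUT chain or `ip rule ... fwmark` will never see the mark.

```shell
#!/bin/sh
# Added example (not from the original post). Values from the post:
# table 200 "alt.net", mark 1, gateway 172.16.1.1 on eth2, tcp port 119.
# 203.0.113.5 is an assumed test destination for the route lookup.
TABLE=alt.net; TABLE_ID=200; MARK=1; GW=172.16.1.1; DEV=eth2

# Locally generated packets skip PREROUTING, so the mark has to be set in
# the mangle table's OUTPUT chain for the fwmark rule to match. Needs root.
apply_policy_route() {
    grep -qE "^${TABLE_ID}[[:space:]]+${TABLE}\$" /etc/iproute2/rt_tables ||
        echo "${TABLE_ID} ${TABLE}" >> /etc/iproute2/rt_tables
    iptables -t mangle -A OUTPUT -p tcp --dport 119 -j MARK --set-mark "$MARK"
    ip rule add fwmark "$MARK" table "$TABLE"
    ip route add default via "$GW" dev "$DEV" table "$TABLE"
    ip route flush cache
}

# $1 = 'ip rule show' output. Succeeds if some rule sends mark $2 (decimal)
# to table $3. Current iproute2 prints the mark as hex (0x1); older builds
# printed it in decimal, so both spellings are accepted.
has_fwmark_rule() {
    hex=$(printf '%x' "$2")
    printf '%s\n' "$1" | grep -Eq "fwmark (0x${hex}|$2) lookup $3( |\$)"
}

# $1 = 'ip route show table X' output. Succeeds if the table's default
# route goes via gateway $2 on device $3.
has_default_via() {
    printf '%s\n' "$1" | grep -Eq "^default via $2 dev $3( |\$)"
}

# Live check: rule present, alternate table populated, and a lookup that
# carries the mark resolves to the alternate gateway. Finally show the
# mangle OUTPUT counters so you can see whether the MARK rule matches at all.
verify_policy_route() {
    has_fwmark_rule "$(ip rule show)" "$MARK" "$TABLE" ||
        { echo "no rule: fwmark $MARK -> table $TABLE"; return 1; }
    has_default_via "$(ip route show table "$TABLE")" "$GW" "$DEV" ||
        { echo "table $TABLE has no default via $GW dev $DEV"; return 1; }
    ip route get 203.0.113.5 mark "$MARK" | grep -q "via $GW " ||
        { echo "marked lookup does not go via $GW"; return 1; }
    iptables -t mangle -L OUTPUT -v -n | grep MARK
}

case "${1:-}" in
    apply)  apply_policy_route ;;
    verify) verify_policy_route ;;
esac
```

Run `sh script.sh apply` once as root, then `sh script.sh verify`; a zero byte/packet count on the MARK line while tcpdump shows traffic on eth0 means the packets are not being marked where OUTPUT can see them.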